Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b3/7e9a18-0629-41eb-a681-a605cad55086/1/2U-2Eym6KYW6qLxuFsjcorsxKnc.roa
File:                     2U-2Eym6KYW6qLxuFsjcorsxKnc.roa (raw, json)
Hash identifier:          KrlvkjS9SKD/PHB33xX+CX5Zyn9t48T8ugGL2ErULzA=
Subject key identifier:   D9:4F:B6:13:29:BA:29:85:BA:A8:BC:6E:16:C8:DC:A2:BB:31:2A:77
Certificate issuer:       /CN=175a20608ace11e7511c8669560636730a9e2abf
Certificate serial:       0194228DBA8B7C48BEF21968435186D6C019
Authority key identifier: 17:5A:20:60:8A:CE:11:E7:51:1C:86:69:56:06:36:73:0A:9E:2A:BF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/F1ogYIrOEedRHIZpVgY2cwqeKr8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b3/7e9a18-0629-41eb-a681-a605cad55086/1/2U-2Eym6KYW6qLxuFsjcorsxKnc.roa
Signing time:             Wed 01 Jan 2025 15:48:21 +0000
ROA not before:           Wed 01 Jan 2025 15:48:21 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     216263
IP address blocks:        185.86.211.0/24 maxlen: 24
                          2a13:c5c0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/b3/7e9a18-0629-41eb-a681-a605cad55086/1/F1ogYIrOEedRHIZpVgY2cwqeKr8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/b3/7e9a18-0629-41eb-a681-a605cad55086/1/F1ogYIrOEedRHIZpVgY2cwqeKr8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/F1ogYIrOEedRHIZpVgY2cwqeKr8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Thu 20 Feb 2025 18:00:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:22:8d:ba:8b:7c:48:be:f2:19:68:43:51:86:d6:c0:19
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=175a20608ace11e7511c8669560636730a9e2abf
        Validity
            Not Before: Jan  1 15:48:21 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=d94fb61329ba2985baa8bc6e16c8dca2bb312a77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:a6:dd:e9:9b:40:ba:b8:e0:c4:b8:bf:0a:97:
                    10:a3:64:d7:c5:75:ae:2b:c4:d1:c6:35:cc:d2:5e:
                    ae:69:21:bc:89:fc:9c:6b:68:c9:ae:c4:19:74:d0:
                    db:49:2e:3a:be:45:69:2d:8f:24:fc:e5:97:87:8e:
                    e2:a8:cf:be:a7:9e:9f:e7:eb:08:d7:06:63:86:97:
                    bf:a8:e5:68:3f:df:a2:76:dc:28:79:bf:1b:59:6d:
                    39:21:fc:c4:6c:dd:ba:5a:21:37:c6:c4:ed:49:98:
                    47:6d:be:5a:ce:f4:56:66:0b:fc:c3:1d:8f:d2:6d:
                    6a:17:8c:c2:e8:29:bd:d7:77:a1:73:7e:4c:74:0a:
                    82:64:f9:87:36:6a:e3:1e:1e:76:60:c5:2c:b8:97:
                    7a:20:c0:0b:43:12:bf:cf:a8:95:76:58:95:aa:eb:
                    30:4e:aa:a4:db:c0:75:05:e5:3f:42:5b:9b:a0:4f:
                    fa:7b:a4:42:1d:5c:04:93:23:77:fa:22:19:5b:20:
                    d8:29:92:01:60:ab:28:9c:0c:7e:23:86:ff:a6:3b:
                    83:9e:7c:79:de:e9:0a:e3:63:b1:60:dc:6e:95:f4:
                    b9:65:25:96:6b:51:52:83:13:f2:7b:ee:65:a5:72:
                    55:f6:62:62:4f:84:c4:f0:49:93:16:48:de:fa:30:
                    af:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:4F:B6:13:29:BA:29:85:BA:A8:BC:6E:16:C8:DC:A2:BB:31:2A:77
            X509v3 Authority Key Identifier:
                keyid:17:5A:20:60:8A:CE:11:E7:51:1C:86:69:56:06:36:73:0A:9E:2A:BF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/F1ogYIrOEedRHIZpVgY2cwqeKr8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/7e9a18-0629-41eb-a681-a605cad55086/1/2U-2Eym6KYW6qLxuFsjcorsxKnc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b3/7e9a18-0629-41eb-a681-a605cad55086/1/F1ogYIrOEedRHIZpVgY2cwqeKr8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.86.211.0/24
                IPv6:
                  2a13:c5c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         40:91:0e:e5:c7:ad:46:c1:ec:3e:e1:2b:e4:72:18:5a:5f:f5:
         92:bc:85:18:d8:62:f5:db:a8:16:dd:fb:0a:e7:4e:a7:bb:a1:
         4e:23:85:74:52:89:25:74:25:48:8e:6d:60:1a:ed:14:1a:d5:
         18:aa:17:54:fd:da:63:b2:c1:21:7a:41:e5:d9:3a:d1:8b:6e:
         ec:8a:04:cc:65:60:6b:3d:cd:9f:9b:8b:02:c9:64:8b:f9:9b:
         67:0d:14:8f:c8:b8:f3:9d:0b:d9:c6:05:94:97:a3:9d:06:88:
         52:74:0e:32:f6:cf:82:97:36:e5:82:f5:d6:c9:93:ad:3d:a9:
         cd:26:f8:99:e7:8a:59:85:35:79:ac:f7:d2:90:a0:85:6e:73:
         06:d7:a0:5f:2f:47:d1:8b:16:74:fd:14:ec:33:5c:69:ac:a9:
         4c:78:c6:29:22:ea:4e:3b:b9:b1:9a:db:11:a8:3e:56:3d:ff:
         29:35:da:08:fc:94:dc:92:ef:04:eb:67:a4:58:74:50:4c:90:
         c6:aa:15:38:a3:bd:ea:1d:97:f1:c0:3b:11:bc:fa:dd:01:c1:
         d0:f8:4b:1d:45:84:bc:5d:2c:e0:f6:bb:ac:e1:d9:66:cf:f6:
         bd:18:a2:36:39:c6:3f:f2:6a:79:be:b9:fb:8a:c1:59:a0:35:
         a4:8d:a8:0b
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZQijbqLfEi+8hloQ1GG1sAZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDE3NWEyMDYwOGFjZTExZTc1MTFjODY2OTU2MDYzNjczMGE5
ZTJhYmYwHhcNMjUwMTAxMTU0ODIxWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTRmYjYxMzI5YmEyOTg1YmFhOGJjNmUxNmM4ZGNhMmJiMzEyYTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv6bd6ZtAurjgxLi/CpcQo2TXxXWu
K8TRxjXM0l6uaSG8ifyca2jJrsQZdNDbSS46vkVpLY8k/OWXh47iqM++p56f5+sI
1wZjhpe/qOVoP9+idtwoeb8bWW05IfzEbN26WiE3xsTtSZhHbb5azvRWZgv8wx2P
0m1qF4zC6Cm913ehc35MdAqCZPmHNmrjHh52YMUsuJd6IMALQxK/z6iVdliVqusw
Tqqk28B1BeU/QluboE/6e6RCHVwEkyN3+iIZWyDYKZIBYKsonAx+I4b/pjuDnnx5
3ukK42OxYNxulfS5ZSWWa1FSgxPye+5lpXJV9mJiT4TE8EmTFkje+jCvfQIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFNlPthMpuimFuqi8bhbI3KK7MSp3MB8GA1UdIwQY
MBaAFBdaIGCKzhHnURyGaVYGNnMKniq/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRjFvZ1lJck9FZWRSSElacFZnWTJjd3FlS3I4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMy83ZTlhMTgtMDYyOS00MWViLWE2ODEt
YTYwNWNhZDU1MDg2LzEvMlUtMkV5bTZLWVc2cUx4dUZzamNvcnN4S25jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMy83ZTlhMTgtMDYyOS00MWViLWE2ODEtYTYwNWNhZDU1MDg2
LzEvRjFvZ1lJck9FZWRSSElacFZnWTJjd3FlS3I4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAuVbTMA0E
AgACMAcDBQAqE8XAMA0GCSqGSIb3DQEBCwUAA4IBAQBAkQ7lx61Gwew+4Svkchha
X/WSvIUY2GL126gW3fsK506nu6FOI4V0UokldCVIjm1gGu0UGtUYqhdU/dpjssEh
ekHl2TrRi27sigTMZWBrPc2fm4sCyWSL+ZtnDRSPyLjznQvZxgWUl6OdBohSdA4y
9s+ClzblgvXWyZOtPanNJviZ54pZhTV5rPfSkKCFbnMG16BfL0fRixZ0/RTsM1xp
rKlMeMYpIupOO7mxmtsRqD5WPf8pNdoI/JTcku8E62ekWHRQTJDGqhU4o73qHZfx
wDsRvPrdAcHQ+EsdRYS8XSzg9rus4dlmz/a9GKI2OcY/8mp5vrn7isFZoDWkjagL
-----END CERTIFICATE-----